Basic vulnerability found in most voice encryption products
IT security blogger Notrax claims to have successfully intercepted and compromised phone calls made using 12 commercially available mobile voice encryption products.
Using a readily available wiretapping utility, costing as little as $100, as well as his own “homemade” Trojan, Notrax was able to bypass the encryption and eavesdrop by capturing conversations from the microphone and speaker in real time.
By suppressing any rings, notifications or call logs, these attacks go completely undetected. And while Trojans can be installed manually by someone with access to the phone, they could equally be delivered via email, SMS or a mobile application.
Here’s a video that shows an example of how the Cellcrypt product is insecure:
The list of tested solutions includes:
- Caspertec (Software) – Intercepted / insecure
- CellCrypt (Software) – Intercepted / insecure
- Cryptophone (Hardware) – Intercepted / insecure
- Gold-Lock (Software) – Intercepted / insecure
- Illix (Software) – Intercepted / insecure
- No1.BC (Hardware SD-Card) – Intercepted / insecure
- PhoneCrypt (Software) – Secure
- Rohde & Schwarz (Hardware Bluetooth) – Secure
- Secure-Voice (Software) – Intercepted / insecure
- SecuSmart (Hardware SD-Card) – Intercepted / insecure
- SecVoice (Software) – Intercepted / insecure
- SecureGSM (Software) – Intercepted / insecure
- SnapCell (Hardware) – Secure
- Tripleton (Hardware) – Still Under Review
- Zfone (Software) – Intercepted / insecure
- ZRTP (Software) – Intercepted / insecure
While all the other software voice encryption products tested fell victim to these attacks, PhoneCrypt was able to block the Trojans. PhoneCrypt uses a filter that detects if any application tries to access a resource or service during a call and shuts it down. The callers are also alerted by a skull and crossbones that appears on the screen.
“Like most security breaches, Notrax went for the weakest link; he did not attempt to crack the encryption itself, but used simple wiretapping techniques,” said Wilfried Hafner, CEO at SecurStar, which developed the PhoneCrypt solution. “Unlike most of the vendors investigated, we recognized this potential security gap from the start and designed in measures to deliver complete end-to-end protection against eavesdropping.”